Techdirt. Stories filed under "urls"Easily digestible tech news...https://www.techdirt.com/
en-usTechdirt. Stories filed under "urls"https://ii.techdirt.com/s/t/i/td-88x31.gifhttps://www.techdirt.com/Mon, 9 Mar 2015 09:14:50 PDTMPAA Abusing DMCA Takedowns To Attempt A Poor Man's SOPAMike Masnickhttps://www.techdirt.com/articles/20150307/16554730245/mpaa-abusing-dmca-takedowns-to-attempt-poor-mans-sopa.shtml
https://www.techdirt.com/articles/20150307/16554730245/mpaa-abusing-dmca-takedowns-to-attempt-poor-mans-sopa.shtmlfailed miserably. The followup idea was even worse: known as full site blocking, the idea was to convince countries to pass laws that would force ISPs, search engines, domain registrars and others to completely block access not just to infringing content, but to entire sites that the legacy copyright industries deemed "bad."

This was always problematic on a few different levels. First, the entertainment industry has a rather horrible track record of declaring some new innovation "bad" and "illegal" when it shows up on the scene, only much later realizing that the "bad" or "illegal" thing is actually exactly what consumers are looking for. In the past, the industry has attacked radio, television, the VCR, the photocopier, the DVR, the MP3 player and YouTube (among many other things). Giving Hollywood a full on veto for any new technology, before it's had a chance to grow, thrive and show how useful it can be, seems like a great way to kill off innovation. Yet, that's what Hollywood wants. Second, the concept of site blocking itself is incompatible with some of the very fundamentals of the internet. It breaks DNS, it creates big security problems, and it has tremendous collateral damage (not that Hollywood gives a shit about that).

The original site blocking plan was to pass SOPA in the US, which had site blocking provisions. It was seen as a slam dunk easy win by Hollywood, until suddenly, it wasn't (thanks to the internet speaking up loudly). But, similar strategies have worked better in other countries, as courts have often ordered ISPs to block certain sites, often with little review and almost no due process. Yet, as we discovered thanks to the Sony Hack last year, the MPAA is still 100% focused on figuring out ways to implement full site blocking, even as its internal discussion admits it has no idea about the technological feasibility of it. Instead, it's pushing on a few different fronts, from trying to get states Attorneys General involved to abusing the process at the International Trade Commission to "block" sites "at the border."

However, it appears that the latest strategy is just to file a bunch of bogus DMCA takedown notices to Google on the top level domain, rather than on specific content. It's no secret that the MPAA has been asking Google to implement full site blocking for quite some time -- even though doing so wouldn't actually help (because instead of the sites, you'd just get people telling you how to get to those sites or you'd get even sketchier sites). TorrentFreak noticed that the MPAA issued a bunch of questionable DMCA notices on top level domains recently, nearly all of which Google rightly rejected. The law is pretty clear that you have to be identifying the specific work to be taken down, rather than just generally pointing to a site.

The MPAA knows this, which makes the sending of a bunch of top level domains... bizarre. (TorrentFreak also points out that the MPAA may have even sent its own mpaa.org domain in a DMCA notice, but there's a decent chance that that's just someone playing a prank). The decision to file such clearly bogus DMCA notices, from an organization that is so totally focused on site blocking and which has large groups of lawyers looking for every angle to bring in full site blocking... suggests that this isn't just the MPAA getting lazy. Instead, it may be part of a plan to try to set up a test case, in which the MPAA sues over getting Google to remove an entire domain, based solely on a takedown (or series of takedowns) on that top level domain. If so, that would be an astoundingly stupid ploy -- one that the MPAA would have a high likelihood of losing. But perhaps desperate times at the MPAA call for desperate measures. Of course, we're still wondering when the folks over at the MPAA will get desperate enough to focus on giving people what they want, rather than treating them all as criminals.

Permalink | Comments | Email This Story
]]>good luck with thathttps://www.techdirt.com/comment_rss.php?sid=20150307/16554730245Thu, 21 Nov 2013 08:37:24 PSTUS 'Intelligence' Boss Reveals 'Redacted' Date In The URL Of The FileMike Masnickhttps://www.techdirt.com/articles/20131121/03204025320/us-intelligence-boss-reveals-redacted-date-url-file.shtml
https://www.techdirt.com/articles/20131121/03204025320/us-intelligence-boss-reveals-redacted-date-url-file.shtmllatest document dump by James Clapper and the Office of the Director of National Intelligence this week, in which they declassified a large pile of documents (after being told to by the courts -- though they don't mention that part). But, one of the odder parts was that the dates were redacted on certain legal filings, such as the FISA Court order by judge Reggie Walton smacking the NSA around a bit for not complying with the law. Here's the end of that document with the date redacted:

From that, you can see that the redactions (in both) seem rather arbitrary (especially redacting the dates). In many cases, it's difficult to understand why any of these points were redacted in either document. For example, in the original declassification, the following is redacted, but is available in the new release:

The Court further ordered that it would allow NSA, for a period of 20 days, to continue to share the unminimized results of authorized queries of the PR/TT metadata with NSA analysts other than the limited number of analysts authorized to access such metadata, but that such sharing was not to continue beyond the 20-day period unless the government first satisfied the Court, by written submission, that such sharing is necessary and appropriate on an ongoing basis.

Either way, it says quite a lot (none of it good) about our "intelligence" professionals when they offer up a document with a redacted date (makes no sense in the first place), which is easily revealed by the very URL (wtf?) that the intelligence officials chose, and which is further undermined by the fact that the same document had already been declassified with totally different redactions (and which reveals the date). And we're supposed to believe these folks are smart enough to not screw up with all the data they're collecting on everyone?

Permalink | Comments | Email This Story
]]>or in the other version of the document you already releasedhttps://www.techdirt.com/comment_rss.php?sid=20131121/03204025320Wed, 10 Apr 2013 03:38:56 PDTUK Parking Enforcement Contractor Leaves Sensitive Driver Data Exposed; Compounds Embarrassment By Issuing Bogus Legal ThreatsTim Cushinghttps://www.techdirt.com/articles/20130409/17595422651/uk-parking-enforcement-contractor-leaves-sensitive-driver-data-exposed-compounds-embarrassment-issuing-bogus-legal-threats.shtml
https://www.techdirt.com/articles/20130409/17595422651/uk-parking-enforcement-contractor-leaves-sensitive-driver-data-exposed-compounds-embarrassment-issuing-bogus-legal-threats.shtml
Another day, another self-inflicted privacy breach. This time it's a UK private parking enforcement contractor that's leaving its supposedly-secret stuff right out in the open.

UK Parking Control (UKPC) is accused of revealing photographs of Brits' cars parked with number plates clearly to be read and in some cases the location revealed. In some images it's alleged that other details such as identification cards, shopping or belongings are clearly visible. Campaigners against private parking firms believe these images - allegedly made easily accessible to anyone on the UKPC website - exposed drivers' personal information.

When UKPC tickets a car, its enforcers take photos of the vehicle (and, apparently, inside the vehicle, among other places), which are uploaded to UKPC's site. The ticket itself has a printed URL pointing to the damning photos of the illegally parked vehicle. It's a slick system, but its "security" is easily thwarted by a process AT&T might find strangely familiar.

[O[ne ticket recipient claimed to have found that by tweaking values in this web address, he could access thousands of other digital photographs of other people's vehicles... Some shots show personal items on view inside the vehicles, such as an ID card placed next to a disabled-driver badge.

As you may recall, tweaking URLs allowed "Weev" to access the email addresses of hundreds of iPad users (and landed him in jail). The same lack of basic security is on display here. Changing a few values in the URL results in access to photos you were never meant to see.

A blog called Nutsville, which has been a longtime critic of the UK's private parking enforcement, posted several photos obtained from UKPC's website. Among the expected photos of vehicles (with visible license plates) are other oddities, including shots of the lower extremities of parking enforcement employees relaxing at home, several photos of vehicle interiors and most disturbingly, crystal clear photos of drivers' identification cards.

After the Register reported this story, the UK Information Commissioner's office pledged to investigate the leak. UKPC hasn't publicly responded to the breach, but it did send its lawyers after Nutsville in the form of a bizarre Letter Before Action that mixes and matches criminal and civil actions and seems unable to decide on when exactly Nutsville should respond/comply. Nutsville's response to the letter is well worth reading, punching holes in its paper-thin claims and generally deriding the ineptitude of the correspondence.

The letter claims Nutsville has breached the Computer Misuse Act, claiming these photos were acquired by "using a password, without authorisation, to access their website." Nutsville points out this is completely false. The only thing accessed were various URLs on UKPC's site by manipulating values in the URL themselves. From that point on, UKPC's legal representative goes completely off the rails, threatening to inform the police (a criminal matter) of Nutsville's actions. Mere sentences later, the lawyer threatens "injunctive High Court proceedings," suddenly making it a civil matter. On top of that, UKPC's rep demands Nutsville take down the blog post by 10 AM on April 2nd, only to wrap up the bungled legalese by requesting a reply by no later than April 8th.

As both deadlines have come and gone with no follow-up post from Nutsville (or response from UKPC), it would appear that the parking enforcement contractor has either given up on pursuing these bogus legal claims or is tied up attempting to clean up its own backyard ahead of the pending investigation.

The most disappointing aspect of this story is UKPC's response. Disappointing, but far from unexpected. For many businesses, the most common reaction to being informed of a data breach is to shoot the messenger. Rather than issue an apology and fix the problem, they tend to fire off legal threats about "unauthorized access" or other vague hacking claims as if the end user making the discovery should be treated as a criminal for their own negligence.

Permalink | Comments | Email This Story
]]>as-secure-as-an-unlocked,-vellum-paper-doorhttps://www.techdirt.com/comment_rss.php?sid=20130409/17595422651Tue, 18 Sep 2012 14:57:00 PDTAnti-Medical Marijuana Committee Fails To Register Published URL, Hilarity EnsuesTim Cushinghttps://www.techdirt.com/articles/20120914/13581620386/anti-medical-marijuana-committee-fails-to-register-published-url-hilarity-ensues.shtml
https://www.techdirt.com/articles/20120914/13581620386/anti-medical-marijuana-committee-fails-to-register-published-url-hilarity-ensues.shtml
It's election season, a time when man's (and more recently, woman's) thoughts turn towards shutting off the TV, radio and phone until mid-November. But! Things must be voted on, including such controversial issues as legalizing medical marijuana and authorizing dispensaries. As an opponent of weed-based medicines, you vow to fight this with every ounce/gram of your being. You set your plan in action.

1. Pick a name for your committee. ("No on Question 3")
2. Pick out a suitable URL ("votenoonquestion3.org")
3. Get your committee and its pertinent information added to the official voters' guide (both print and online.)
4. Register URL.
5. Become aghast.

Can anyone point out where Vote No on Question 3 went wrong? Here are some visual aids, taken from votenoonquestion3.org:

You see, the internet is like magic. And like most magic, it can be used for entertainment purposes. All the do-gooding in the world doesn't amount to much if you forget to register your URL. While you're busy enjoying that "new ink" smell of freshly printed Voter's Guides, someone quicker on the draw is undermining your "marijuana is bad" propagandaproselytizing information with hilariously over-the-top headlines.

The bad news is that the paper version will carry the old URL permanently. Of course, very few people are willing to type in a URL by hand, but as news of this blunder spreads, the fake site with the real URL will be receiving much more attention, voters' guide correction or no.

Here's the official reaction from No on Question 3 spokesman, Kevin Sabet:

"It's funny and upsetting, I guess, at the same time."

Yeah. Largely the first part. And to think, the committee can't even blame a late afternoon smokeout for the mental slip.

The group sent out a press release saying proponents of medical marijuana were tampering with the democratic process through “underhanded efforts.”

Sabet admits the committee made a mistake and yet, the press release attempts to paint No on Question 3 as the victim of villainous pot smokers rather than treating it like the self-inflicted wound it is.

Oh, and here's more bad news for the "No" side:

The Globe notes that the No on Question 3 campaign has managed to collect all of $600 so far, compared to the $1 million or so that supporters of the initiative have received from Peter Lewis, a longtime patron of drug policy reform.

Maybe it's time to admit your fears of a weed-loaded America are overblown, especially when you've just been outmaneuvered (and outspent) by a bunch of stoners.

Permalink | Comments | Email This Story
]]>you-can't-like,-OWN-a-URL,-manhttps://www.techdirt.com/comment_rss.php?sid=20120914/13581620386Wed, 9 Sep 2009 09:09:00 PDTIsraeli Claims Patent Over Adding .com To The End Of The Address BarMike Masnickhttps://www.techdirt.com/articles/20090909/0009166136.shtml
https://www.techdirt.com/articles/20090909/0009166136.shtmlTechCrunch points us to a story about an Israeli company by the name of Netex who is claiming a patent over "www.addressing." What's that? Well, apparently it's the process of simply adding a ".com" to the end of a word you put in a browser address bar. There are all sorts of questions raised by this, and the reporting at the Israeli site Ynetnews leaves a lot to be desired. First, neither Ynetnews nor TechCrunch point to the actual patent. I've been searching on both the supposed inventor's name (Aviv Refuah) and his company's name and I can't find it. If anyone out there can find the actual patent, please post a link in the comments.

The next problem with the article is the claim that this patent is "worth millions" and that Google, Microsoft and Yahoo "will have to pay royalties." It remains to be seen if that's true (and given what's stated, it seems quite doubtful).

Next problem? The article claims that this patent is about the address bar in the browser -- not a search engine box -- though, the reporter doesn't seem to understand the difference between the two. Admittedly, Google now offers a browser in Chrome, but the article keeps referring to the patent as a "search option." Yahoo doesn't offer a browser.

Then there's the issue of claiming that Google and Yahoo "use" this technology:

Refuah says various internet giants such as Google, Microsoft, and Yahoo have been using the program for years, and now they will have to pay royalties to Netex.

That implies -- falsely -- that Google, Microsoft and Yahoo have somehow been using some technology that they got from Netex. It's a common trick used in reporting about patents, but its highly misleading. Much, much, much more likely is that Google, Microsoft and Yahoo simply added a useful and obvious feature, that Netex is now showing up and claiming ownership years later.

Finally, it's tough to say much about the actual patent claims in question -- seeing as we haven't seen them -- but from the Ynetnews description, it's difficult to see how such a thing could possibly be considered patentable (and one would think that Netscape would have some prior art, though I can't remember exactly when Netscape added the ability to add .com to the end of something put in the browser bar). But, honestly, can anyone with a straight face explain why such a thing should be patentable?